Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/6123c4-2bc5-4df9-ad13-e1d99b8706e4/1/WQfdLj_nHwBf8MJ5CZeBpIAQ0cg.roa
File:                     WQfdLj_nHwBf8MJ5CZeBpIAQ0cg.roa (raw, json)
Hash identifier:          eVsc+Aru75d0oH+AESVDU8fnOvHuWGTbWbGAMix4lQ8=
Subject key identifier:   59:07:DD:2E:3F:E7:1F:00:5F:F0:C2:79:09:97:81:A4:80:10:D1:C8
Certificate issuer:       /CN=1008ba5429a709bc58ecdbae3f17e1bc9d3a4d5c
Certificate serial:       018DFE2E2D8AAA9F939FE231D4910939B20D
Authority key identifier: 10:08:BA:54:29:A7:09:BC:58:EC:DB:AE:3F:17:E1:BC:9D:3A:4D:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EAi6VCmnCbxY7NuuPxfhvJ06TVw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/6123c4-2bc5-4df9-ad13-e1d99b8706e4/1/WQfdLj_nHwBf8MJ5CZeBpIAQ0cg.roa
Signing time:             Sat 02 Mar 2024 08:00:55 +0000
ROA not before:           Sat 02 Mar 2024 08:00:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50083
IP address blocks:        185.77.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/6123c4-2bc5-4df9-ad13-e1d99b8706e4/1/EAi6VCmnCbxY7NuuPxfhvJ06TVw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/6123c4-2bc5-4df9-ad13-e1d99b8706e4/1/EAi6VCmnCbxY7NuuPxfhvJ06TVw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EAi6VCmnCbxY7NuuPxfhvJ06TVw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:fe:2e:2d:8a:aa:9f:93:9f:e2:31:d4:91:09:39:b2:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1008ba5429a709bc58ecdbae3f17e1bc9d3a4d5c
        Validity
            Not Before: Mar  2 08:00:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5907dd2e3fe71f005ff0c279099781a48010d1c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:fe:e2:12:2c:23:34:25:24:97:b4:10:d2:39:
                    a6:75:e9:0e:5c:f7:9b:5b:e1:8f:3d:ce:27:35:51:
                    7c:ca:45:7e:2c:d9:fa:f2:41:81:2e:49:d8:1b:cf:
                    74:e0:8d:9c:61:b1:8b:22:13:54:63:4e:c4:62:ff:
                    3c:4b:aa:f5:29:e7:c7:c3:65:eb:97:e0:5f:d4:3a:
                    39:22:44:5a:99:b5:b1:4e:35:98:aa:05:c6:37:24:
                    fb:0d:65:6a:86:71:4f:c0:74:8f:ef:13:87:8b:94:
                    ef:37:3f:4c:23:c2:d2:09:a4:64:fd:00:3e:13:c9:
                    e5:0c:d2:b4:a7:97:38:c0:a5:9b:d6:ab:e1:33:f1:
                    d8:50:10:ed:49:81:d6:28:bb:63:70:97:ac:e1:8c:
                    fc:e6:5d:d7:a9:22:60:e0:4c:94:80:97:3b:96:d2:
                    ef:6a:ec:15:2c:73:69:f8:30:81:93:ac:c2:9a:f2:
                    58:c2:36:91:fb:63:08:fb:93:ea:e0:4b:55:7c:96:
                    73:75:af:12:5b:1d:52:67:91:f3:b8:88:58:69:41:
                    80:29:c1:d0:f0:e2:56:1b:d8:f4:e9:77:59:37:17:
                    0c:a3:37:a7:ab:03:65:db:31:e0:f0:4a:c1:50:64:
                    c4:ae:28:67:5d:22:38:83:32:ff:2a:1c:cf:a9:a8:
                    17:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:07:DD:2E:3F:E7:1F:00:5F:F0:C2:79:09:97:81:A4:80:10:D1:C8
            X509v3 Authority Key Identifier:
                keyid:10:08:BA:54:29:A7:09:BC:58:EC:DB:AE:3F:17:E1:BC:9D:3A:4D:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EAi6VCmnCbxY7NuuPxfhvJ06TVw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/6123c4-2bc5-4df9-ad13-e1d99b8706e4/1/WQfdLj_nHwBf8MJ5CZeBpIAQ0cg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/6123c4-2bc5-4df9-ad13-e1d99b8706e4/1/EAi6VCmnCbxY7NuuPxfhvJ06TVw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.77.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:33:e0:2f:81:31:6e:eb:1e:f1:76:8b:25:4a:28:89:c4:94:
         e5:cb:4b:7f:d0:27:d2:b9:b3:76:17:31:fc:f7:2b:4a:9c:6b:
         e3:cb:03:74:f4:a9:7d:93:e4:c6:53:cc:69:bd:e0:58:7b:db:
         aa:54:17:e1:31:4d:0d:67:bd:2b:59:1f:e0:0c:14:10:d2:4b:
         6a:21:89:db:77:9a:37:be:dd:c7:c2:68:ce:fd:0b:4e:df:6f:
         be:c1:1a:73:97:a0:8d:9f:0b:54:c5:6f:70:97:d1:ee:9f:6f:
         20:9f:d7:b2:8e:35:cf:a3:ab:1a:fa:4d:98:89:7d:3d:59:7d:
         04:2a:04:86:67:64:5d:09:9f:82:3b:14:64:5c:10:4c:be:b7:
         1f:a0:25:8a:ef:af:35:d7:2f:07:8d:c9:cb:c5:d4:1a:ff:76:
         fa:19:80:b5:1c:d7:b0:81:fb:2b:ed:b0:0d:9d:9e:71:8d:82:
         a8:11:2e:e3:87:c7:e2:27:e4:0c:02:10:98:2e:24:35:e4:c4:
         8d:ae:b4:3a:d9:1f:c0:b9:0f:ea:d4:71:8e:1b:d0:c3:00:1a:
         2f:5f:f2:29:7e:90:51:5c:29:83:5b:14:45:66:56:77:42:d5:
         10:62:91:3c:a3:de:a4:d7:67:e1:ec:df:e7:12:51:de:75:8a:
         41:72:a3:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3+Li2Kqp+Tn+Ix1JEJObINMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwMDhiYTU0MjlhNzA5YmM1OGVjZGJhZTNmMTdlMWJjOWQz
YTRkNWMwHhcNMjQwMzAyMDgwMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTA3ZGQyZTNmZTcxZjAwNWZmMGMyNzkwOTk3ODFhNDgwMTBkMWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsP7iEiwjNCUkl7QQ0jmmdekOXPeb
W+GPPc4nNVF8ykV+LNn68kGBLknYG8904I2cYbGLIhNUY07EYv88S6r1KefHw2Xr
l+Bf1Do5IkRambWxTjWYqgXGNyT7DWVqhnFPwHSP7xOHi5TvNz9MI8LSCaRk/QA+
E8nlDNK0p5c4wKWb1qvhM/HYUBDtSYHWKLtjcJes4Yz85l3XqSJg4EyUgJc7ltLv
auwVLHNp+DCBk6zCmvJYwjaR+2MI+5Pq4EtVfJZzda8SWx1SZ5HzuIhYaUGAKcHQ
8OJWG9j06XdZNxcMozenqwNl2zHg8ErBUGTErihnXSI4gzL/KhzPqagXOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFkH3S4/5x8AX/DCeQmXgaSAENHIMB8GA1UdIwQY
MBaAFBAIulQppwm8WOzbrj8X4bydOk1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUFpNlZDbW5DYnhZN051dVB4Zmh2SjA2VFZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS82MTIzYzQtMmJjNS00ZGY5LWFkMTMt
ZTFkOTliODcwNmU0LzEvV1FmZExqX25Id0JmOE1KNUNaZUJwSUFRMGNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS82MTIzYzQtMmJjNS00ZGY5LWFkMTMtZTFkOTliODcwNmU0
LzEvRUFpNlZDbW5DYnhZN051dVB4Zmh2SjA2VFZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuU0PMA0G
CSqGSIb3DQEBCwUAA4IBAQCbM+AvgTFu6x7xdoslSiiJxJTly0t/0CfSubN2FzH8
9ytKnGvjywN09Kl9k+TGU8xpveBYe9uqVBfhMU0NZ70rWR/gDBQQ0ktqIYnbd5o3
vt3HwmjO/QtO32++wRpzl6CNnwtUxW9wl9Hun28gn9eyjjXPo6sa+k2YiX09WX0E
KgSGZ2RdCZ+COxRkXBBMvrcfoCWK76811y8HjcnLxdQa/3b6GYC1HNewgfsr7bAN
nZ5xjYKoES7jh8fiJ+QMAhCYLiQ15MSNrrQ62R/AuQ/q1HGOG9DDABovX/IpfpBR
XCmDWxRFZlZ3QtUQYpE8o96k12fh7N/nElHedYpBcqNE
-----END CERTIFICATE-----